CCNA Security Lab 5 - Accounting - CLI

Lab 5 

Accounting 
Lab Objective: 

The objective of this lab exercise is for you to learn and understand how to
configure Accounting in Cisco IOS software.

Lab Purpose: 

Accounting is one of the three components of AAA services. Accounting allows 
administrators to configure Cisco IOS routers to send information on the 
commands or other actions taken by Authenticated and Authorized users on those 
devices. 

Lab Difficulty: 

This lab has a difficulty rating of 6/10. 

Readiness Assessment: 

When you are ready for your certification exam, you should complete this lab in 
no more than 10 minutes. 

Lab Topology: 

Please use the following topology to complete this lab exercise: 



[Topology diagram: Host 1, 172.16.1.254/24]


Lab 5 Configuration Tasks 
Task 1: 

Configure the hostname on R1 and IP addressing as illustrated in the diagram. In 
addition, configure Host 1 with the IP address specified and a default gateway 
of 172.16.1.1. 

NOTE: 

If you do not have a Host in your lab, you can simply substitute Host 1 for another router with an Ethernet 
interface and a default static route pointing to 172.16.1.1. 


Task 2: 

Configure Authentication as follows on R1:

The Authentication username prompt should read: "Enter Username:"

The Authentication password prompt should read: "Enter Password:"

Users should be Authenticated only against the local database

Task 3: 

Configure Authorization as follows on R1:

Level 15 commands should be Authorized based on the local database 

Level 1 commands should be Authorized if the user is successfully Authenticated 

The local database should be used to Authorize configuration commands 

Task 4: 

Configure Accounting as follows on R1:

R1 should record start and stop without waiting for Level 15 commands
R1 should record stop when service terminates for Level 1 commands
Accounting information should be sent to RADIUS server 172.16.1.192

Task 5: 

Configure the following username/password pairs on R1:

Username    Secret      Privilege Level
super       cisco123    15
basic       cisco456    1

In addition, ensure that R1 uses AAA for inbound connections.

Task 6: 

Verify that your Accounting configuration works as expected using the appropriate debugging commands while you
Telnet from Host 1 to R1.


Lab 5 Configuration and Verification 
Task 1: 

Router(config)#hostname R1
R1(config)#int f0/0
R1(config-if)#ip address 172.16.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#exit
R1#


C:\>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : 172.16.1.254
   Subnet Mask . . . . . . . . . . . : 255.255.255.0

Ethernet adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected

C:\>


Task 2: 

R1(config)#aaa new-model
R1(config)#aaa authentication username-prompt "Enter Username:"
R1(config)#aaa authentication password-prompt "Enter Password:"
R1(config)#aaa authentication login default local

Task 3: 

R1(config)#aaa authorization commands 15 default local
R1(config)#aaa authorization commands 1 default if-authenticated
R1(config)#aaa authorization exec default local
R1(config)#aaa authorization config-commands

Task 4: 

R1(config)#aaa accounting commands 15 default start-stop group AAA-RADIUS
R1(config)#aaa accounting commands 1 default stop-only group AAA-RADIUS
R1(config)#aaa group server radius AAA-RADIUS
R1(config-sg-radius)#server 172.16.1.192
R1(config-sg-radius)#exit
R1(config)#exit
R1#

Task 5: 

R1(config)#username super privilege 15 secret cisco123
R1(config)#username basic privilege 1 secret cisco456
R1(config)#line vty 0 4
R1(config-line)#login authentication default
R1(config-line)#exit
R1(config)#exit
R1#

Task 6: 


Telnet 172.16.1.1

User Access Verification

Enter Username:super
Enter Password:

R1#conf
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip routing


R1#debug aaa accounting
AAA Accounting debugging is on
R1#
*Mar 1 01:10:24.351: AAA/ACCT/EVENT/(00000007): CALL START
*Mar 1 01:10:24.351: Getting session id for NET(00000007) : db=84461164
*Mar 1 01:10:24.351: AAA/ACCT(00000000): add node, session 5
*Mar 1 01:10:24.355: AAA/ACCT/NET(00000007): add, count 1
*Mar 1 01:10:24.355: Getting session id for NONE(00000007) : db=84461164
*Mar 1 01:10:30.396: AAA: parse name=tty66 idb type=-1 tty=-1
*Mar 1 01:10:30.396: AAA: name=tty66 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=66 channel=0
*Mar 1 01:10:30.396: AAA/MEMORY: create_user (0x844A52A4) user='super' ruser='R1' ds0=0 port='tty66' rem_addr='172.16.1.254' authen_type=ASCII service=NONE priv=15 initial_task_id='0', vrf= (id=0)
*Mar 1 01:10:30.396: AAA/MEMORY: free_user (0x844A52A4) user='super' ruser='R1' port='tty66' rem_addr='172.16.1.254' authen_type=ASCII service=NONE priv=15 vrf= (id=0)
*Mar 1 01:10:33.445: AAA: parse name=tty66 idb type=-1 tty=-1
*Mar 1 01:10:33.445: AAA: name=tty66 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=66 channel=0
*Mar 1 01:10:33.445: AAA/MEMORY: create_user (0x835307CC) user='super' ruser='R1' ds0=0 port='tty66' rem_addr='172.16.1.254' authen_type=ASCII service=NONE priv=15 initial_task_id='0', vrf= (id=0)
*Mar 1 01:10:33.445: AAA/MEMORY: free_user (0x835307CC) user='super' ruser='R1' port='tty66' rem_addr='172.16.1.254' authen_type=ASCII service=NONE priv=15 vrf= (id=0)
*Mar 1 01:10:34.575: %SYS-5-CONFIG_I: Configured from console by super on vty0 (172.16.1.254)
*Mar 1 01:11:57.824: unknown AAA/DISC: 1/"User Request"
*Mar 1 01:11:57.824: unknown AAA/DISC/EXT: 1020/"User Request"
*Mar 1 01:11:57.828: AAA/ACCT/EVENT/(00000007): CALL STOP
*Mar 1 01:11:57.828: AAA/ACCT/CALL STOP(00000007): Sending stop requests
*Mar 1 01:11:57.828: AAA/ACCT(00000007): Send all stops
*Mar 1 01:11:57.828: AAA/ACCT/NET(00000007): STOP
*Mar 1 01:11:57.828: AAA/ACCT/NET(00000007): Method list not found
*Mar 1 01:11:57.828: AAA/ACCT(00000007): del node, session 5
*Mar 1 01:11:57.828: AAA/ACCT/NET(00000007): free_rec, count 0
*Mar 1 01:11:57.828: AAA/ACCT/NET(00000007) recent 0, csr TRUE, osr 0
*Mar 1 01:11:57.828: AAA/ACCT/NET(00000007): Last rec in db, intf not enqueued


User Access Verification

Enter Username:basic
Enter Password:

R1>show ip int brief
Interface          IP-Address    OK?  Method  Status                 Protocol
FastEthernet0/0    172.16.1.1    YES  NVRAM   up                     up
Serial0/0          unassigned    YES  manual  administratively down  down

R1>enable
% Error in authentication.

R1>
R1>exit

Connection to host lost.


R1#debug aaa accounting
AAA Accounting debugging is on
R1#
*Mar 1 01:13:55.372: AAA/ACCT/EVENT/(00000009): CALL START
*Mar 1 01:13:55.372: Getting session id for NET(00000009) : db=83678F6C
*Mar 1 01:13:55.372: AAA/ACCT(00000000): add node, session 7
*Mar 1 01:13:55.372: AAA/ACCT/NET(00000009): add, count 1
*Mar 1 01:13:55.372: Getting session id for NONE(00000009) : db=83678F6C
*Mar 1 01:14:03.999: AAA: parse name=tty66 idb type=-1 tty=-1
*Mar 1 01:14:03.999: AAA: name=tty66 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=66 channel=0
*Mar 1 01:14:03.999: AAA/MEMORY: create_user (0x84460E48) user='basic' ruser='R1' ds0=0 port='tty66' rem_addr='172.16.1.254' authen_type=ASCII service=NONE priv=1 initial_task_id='0', vrf= (id=0)
*Mar 1 01:14:03.999: AAA/MEMORY: free_user (0x84460E48) user='basic' ruser='R1' port='tty66' rem_addr='172.16.1.254' authen_type=ASCII service=NONE priv=1 vrf= (id=0)
*Mar 1 01:14:06.150: AAA: parse name=tty66 idb type=-1 tty=-1
*Mar 1 01:14:06.150: AAA: name=tty66 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=66 channel=0
*Mar 1 01:14:06.150: AAA/MEMORY: create_user (0x8446107C) user='basic' ruser='NULL' ds0=0 port='tty66' rem_addr='172.16.1.254' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
*Mar 1 01:14:06.154: AAA/MEMORY: free_user (0x8446107C) user='basic' ruser='NULL' port='tty66' rem_addr='172.16.1.254' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)
*Mar 1 01:14:09.820: unknown AAA/DISC: 1/"User Request"
*Mar 1 01:14:09.820: unknown AAA/DISC/EXT: 1020/"User Request"
*Mar 1 01:14:09.824: AAA/ACCT/EVENT/(00000009): CALL STOP
*Mar 1 01:14:09.824: AAA/ACCT/CALL STOP(00000009): Sending stop requests
*Mar 1 01:14:09.824: AAA/ACCT(00000009): Send all stops
*Mar 1 01:14:09.824: AAA/ACCT/NET(00000009): STOP
*Mar 1 01:14:09.824: AAA/ACCT/NET(00000009): Method list not found
*Mar 1 01:14:09.824: AAA/ACCT(00000009): del node, session 7
*Mar 1 01:14:09.824: AAA/ACCT/NET(00000009): free_rec, count 0
*Mar 1 01:14:09.828: AAA/ACCT/NET(00000009) recent 0, csr TRUE, osr 0
*Mar 1 01:14:09.828: AAA/ACCT/NET(00000009): Last rec in db, intf not enqueued
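
The debug output above can be reduced to one record per session for review. The following is an added example, not part of the original lab: it pairs CALL START and CALL STOP by session id, lists the users seen, and picks out `service=ENABLE` requests such as the failed `enable` by user basic. The function name `correlate` and the sample lines are constructed, and it assumes one interactive session at a time.

```python
import re

# Constructed sample in the format of the `debug aaa accounting` output above.
SAMPLE = """\
*Mar 1 01:13:55.372: AAA/ACCT/EVENT/(00000009): CALL START
*Mar 1 01:14:03.999: AAA/MEMORY: create_user (0x84460E48) user='basic' ruser='R1' ds0=0 port='tty66' rem_addr='172.16.1.254' authen_type=ASCII service=NONE priv=1 initial_task_id='0', vrf= (id=0)
*Mar 1 01:14:06.150: AAA/MEMORY: create_user (0x8446107C) user='basic' ruser='NULL' ds0=0 port='tty66' rem_addr='172.16.1.254' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
*Mar 1 01:14:09.824: AAA/ACCT/EVENT/(00000009): CALL STOP
*Mar 1 01:14:09.824: AAA/ACCT/NET(00000009): Method list not found
"""

TS = r"\*(\w+ +\d+ \d+:\d+:\d+\.\d+): "
CALL = re.compile(TS + r"AAA/ACCT/EVENT/\((\w+)\): CALL (START|STOP)")
USER = re.compile(TS + r"AAA/MEMORY: create_user .*?user='([^']*)'"
                  r".*?rem_addr='([^']*)'.*?service=(\w+) priv=(\d+)")
NOLIST = re.compile(TS + r"AAA/ACCT/(\w+)\((\w+)\): Method list not found")


def correlate(text):
    """Group debug lines into sessions keyed by the AAA/ACCT session id."""
    sessions, open_id = {}, None

    def session(sid):
        return sessions.setdefault(sid, {
            "start": None, "stop": None, "users": [],
            "enable_attempts": [], "no_method_list": []})

    for line in text.splitlines():
        if m := CALL.match(line):
            ts, sid, kind = m.groups()
            session(sid)["start" if kind == "START" else "stop"] = ts
            open_id = sid if kind == "START" else None
        elif m := NOLIST.match(line):
            # Record type (e.g. NET) for which no accounting list matched.
            session(m.group(3))["no_method_list"].append(m.group(2))
        elif (m := USER.match(line)) and open_id:
            # Assumption: create_user lines carry no session id, so they are
            # attributed to the session that is currently open.
            ts, user, addr, service, priv = m.groups()
            s = session(open_id)
            if user not in s["users"]:
                s["users"].append(user)
            if service == "ENABLE":
                s["enable_attempts"].append((ts, user, addr, int(priv)))
    return sessions


if __name__ == "__main__":
    for sid, rec in correlate(SAMPLE).items():
        print(sid, rec)
```
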

Lab 5 Configurations 
R1 Configuration 

R1#show run
Building configuration...

Current configuration : 1208 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
aaa group server radius AAA-RADIUS
 server 172.16.1.192 auth-port 1645 acct-port 1646
!
aaa authentication password-prompt "Enter Password:"
aaa authentication username-prompt "Enter Username:"
aaa authentication login default local
aaa authorization config-commands
aaa authorization exec default local
aaa authorization commands 1 default if-authenticated
aaa authorization commands 15 default local
aaa session-id common
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
username super privilege 15 secret 5 $1$pvqx$JttbM.xHYFDzzfiBnS89.1
username basic secret 5 $1$ffy6$/cFBje9BqMblTe64GwdjaO
archive
 log config
  hidekeys
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 172.16.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
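
One way to check a saved running configuration against the Task 4 requirements, as an added example that is not part of the original lab; `audit_accounting` and the sample strings are constructed for illustration. The listing above, as printed, contains no `aaa accounting` lines, which is the case `BASE` models.

```python
import re

# Task 4 requirements from this lab: privilege level -> accounting mode.
REQUIRED = {15: "start-stop", 1: "stop-only"}
RADIUS_SERVER = "172.16.1.192"

# Constructed sample: AAA lines of a running-config in `show run` layout.
BASE = """\
aaa new-model
!
aaa group server radius AAA-RADIUS
 server 172.16.1.192 auth-port 1645 acct-port 1646
!
aaa authentication login default local
aaa authorization exec default local
"""
TASK4 = """\
aaa accounting commands 1 default stop-only group AAA-RADIUS
aaa accounting commands 15 default start-stop group AAA-RADIUS
"""
ACCT = re.compile(r"aaa accounting commands (\d+) default (\S+) group (\S+)")


def audit_accounting(config):
    """Return findings; an empty list means Task 4 is reflected in the config."""
    groups, members, lists = {}, None, {}
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"aaa group server radius (\S+)", line):
            members = groups.setdefault(m.group(1), set())
        elif raw.startswith(" ") and members is not None:
            if m := re.match(r"server (\S+)", line):
                members.add(m.group(1))
        else:
            members = None  # left the server-group sub-mode
            if m := ACCT.match(line):
                lists[int(m.group(1))] = (m.group(2), m.group(3))
    findings = []
    for level, mode in REQUIRED.items():
        if level not in lists:
            findings.append(f"level {level}: no accounting method list")
            continue
        got, group = lists[level]
        if got != mode:
            findings.append(f"level {level}: mode is {got}, expected {mode}")
        if RADIUS_SERVER not in groups.get(group, set()):
            findings.append(f"level {level}: group {group} lacks {RADIUS_SERVER}")
    return findings
```
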